Spike: Explore middleware extensibility options for Console

[graikhel-intel]

Description

Today, MPS and RPS allow Customers/ISVs/Developers to add custom request handlers that run before API endpoints. These handlers are commonly used to integrate things like custom authentication or multi-tenant routing, without modifying core service code.

We need to explore what options exist in Console to allow similar customization, and what level of flexibility we can safely support.

This spike is about understanding what is possible, what is practical, and what tradeoffs exist.

References

Source link to middleware support in MPS:
https://github.com/device-management-toolkit/mps/tree/main/src/middleware

Source link to middleware support in RPS:
https://github.com/device-management-toolkit/rps/tree/main/src/middleware

Documentation link:
https://device-management-toolkit.github.io/docs/2.29/Reference/middlewareExtensibility/

Spike goals / questions to answer

• How can Console (Go) allow custom logic to run on incoming HTTP requests before API handlers?
• What approaches are available in Go to support: Custom authentication or token validation
  or Multi-tenant request handling
• What would ISVs need to do to plug in their logic?
• What are the limitations and risks of each option?
• How closely should Console aim to behave like MPS/RPS, and where differences are expected because of Go?
• Create a follow-up implementation story